Adobe secured a database with 7.5 million records belonging to Adobe Creative Cloud users. The cache was not protected in any way, allowing anyone access to client information if they knew how to find it. Although the details included are not highly sensitive, they could be used to launch better-crafted phishing campaigns against customers whose data was exposed.
Adobe reacted quickly
It is unclear how long the details stayed exposed but Bob Diachenko, the researcher that discovered it, estimates that anyone had free access to them for about a week.
Diachenko reported his findings to Adobe on October 19 and the company secured the Elasticsearch database on the same day.
According to
Comparitech, sensitive details like passwords or payment data were not included.